author: Joey Hess <joeyh@debian.org> 2010-01-07 21:14:19 +0000
committer: Joey Hess <joeyh@debian.org> 2010-01-07 21:14:19 +0000
commit: c5c26ae4f8101e7654462e34240bbb41233d4f48
tree: b3c847fa00d42e4dd8ea7942d4f93f1770639702
parent: c63036242dd603ef29403d757ba625dd550022d3
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@13754 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2008.list 2
-rw-r--r-- data/CVE/2009.list 105
-rw-r--r-- data/CVE/2010.list 211
4 files changed, 313 insertions, 7 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index b2c3af03d3..a3ee2f3157 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -101,7 +101,7 @@ CVE-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a
NOTE: From Chris Gragsone's message on BUGTRAQ:
NOTE: "IPRoute, by David F. Mischler, is PC-based router software
NOTE: "for networks running the Internet Protocol (IP)."
-CVE-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...)
+CVE-2001-1539 (Stack consumption vulnerability in Internet Explorer The JavaScript ...)
NOT-FOR-US: MSIE
CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...)
NOT-FOR-US: SpeedXess HA-120 DSL router
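Review bot: the replacement description for CVE-2001-1539 reads "Stack consumption vulnerability in Internet Explorer The JavaScript ...", with no punctuation or connective between "Internet Explorer" and "The JavaScript", so two sentences appear to have been run together. The entry is NOT-FOR-US, so triage is unaffected, but it is worth confirming whether the separator was lost in the source text or in the import step before the same thing happens to a tracked entry.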
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 1d46da5629..1206259a22 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -6812,7 +6812,7 @@ CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and
NOT-FOR-US: Microsoft Office Excel
CVE-2008-4267
RESERVED
-CVE-2008-4266 (Arracy index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...)
+CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...)
NOT-FOR-US: Microsoft Office Excel
CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Office Excel
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 9c45235626..894c198905 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,97 @@
+CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under the web ...)
+ TODO: check
+CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote ...)
+ TODO: check
+CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...)
+ TODO: check
+CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary module for ...)
+ TODO: check
+CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in ...)
+ TODO: check
+CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 ...)
+ TODO: check
+CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue ...)
+ TODO: check
+CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms ...)
+ TODO: check
+CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 2.07 for ...)
+ TODO: check
+CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) component ...)
+ TODO: check
+CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel ...)
+ TODO: check
+CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts ...)
+ TODO: check
+CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus ...)
+ TODO: check
+CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 ...)
+ TODO: check
+CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 ...)
+ TODO: check
+CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows ...)
+ TODO: check
+CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote ...)
+ TODO: check
+CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and ...)
+ TODO: check
+CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...)
+ TODO: check
+CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows ...)
+ TODO: check
+CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a ...)
+ TODO: check
+CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ...)
+ TODO: check
+CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...)
+ TODO: check
+CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague ...)
+ TODO: check
+CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows ...)
+ TODO: check
+CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module ...)
+ TODO: check
+CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before ...)
+ TODO: check
+CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module ...)
+ TODO: check
+CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...)
+ TODO: check
+CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums ...)
+ TODO: check
+CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote attackers to ...)
+ TODO: check
+CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro module for ...)
+ TODO: check
+CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 ...)
+ TODO: check
+CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) component ...)
+ TODO: check
+CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote ...)
+ TODO: check
+CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk ...)
+ TODO: check
+CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x ...)
+ TODO: check
+CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers ...)
+ TODO: check
+CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in ...)
+ TODO: check
+CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft ...)
+ TODO: check
+CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft ...)
+ TODO: check
+CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...)
+ TODO: check
+CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows ...)
+ TODO: check
+CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...)
+ TODO: check
CVE-2009-4538 [incorrect fix for CVE-2009-1385 on the e1000e driver]
RESERVED
- linux-2.6 <unfixed> (low; bug #564114)
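Review bot: CVE-2009-4565 (sendmail before 8.14.4) and CVE-2009-4568 (Webmin before 1.500) sit in the middle of 47 new entries, CVE-2009-4539 through CVE-2009-4585, that all carry only "TODO: check". Most of the batch describes individual web applications and components, so these two general-purpose server packages are easy to overlook; I would triage them first and replace their TODO with a package line or a NOT-FOR-US reason rather than leaving the whole block pending.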
@@ -386,6 +480,7 @@ CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...)
+ {DSA-1966-1}
- horde3 3.3.6+debian0-1 (low)
CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...)
NOT-FOR-US: IBM AIX
@@ -868,7 +963,7 @@ CVE-2009-4170 (WP-Cumulus Plug-in 1.20 for WordPress, and possibly other version
NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the ...)
NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
-CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in tagcloud.swf in the ...)
+CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as ...)
NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...)
NOT-FOR-US: TYPO3 extension
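Review bot: the NOT-FOR-US reason under CVE-2009-4168 still names only "WP-Cumulus Plug-in 1.20 for WordPress", but the updated description now attributes the XSS to "Roy Tanck tagcloud.swf, as ..." rather than to the plug-in. If the component is the vulnerable part, the reason is too narrow; re-check whether tagcloud.swf is embedded by anything else before keeping the entry closed, and reword the reason to name the component.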
@@ -2072,8 +2167,8 @@ CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
NOTE: might've been fixed earlier
CVE-2009-3735
RESERVED
-CVE-2009-3734
- RESERVED
+CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
+ TODO: check
CVE-2009-XXXX [mandos 0600 file being included in initrd]
- mandos 1.0.13-1 (bug #551907)
CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
@@ -2226,6 +2321,7 @@ CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin bef
CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 ...)
NOT-FOR-US: PHP-Calendar
CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ {DSA-1966-1}
- horde3 3.3.6+debian0-1 (low)
NOTE: In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.
CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote ...)
@@ -3521,6 +3617,7 @@ CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
+ {DSA-1966-1}
- horde3 3.3.5+debian0-1 (low)
[lenny] - horde3 3.2.2+debian0-2+lenny1
NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not fix etch
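Review bot: the NOTE in the trailing context of the CVE-2009-3237 entry says "fixed in backport of latest DSA, DSA however did not fix etch" without a DSA number, and with {DSA-1966-1} now attached directly above it a reader can no longer tell which advisory is meant. Suggest naming the advisory in the NOTE so the etch status is unambiguous.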
@@ -5580,7 +5677,7 @@ CVE-2009-2483 (libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows l
NOT-FOR-US: NetBSD
CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 ...)
NOT-FOR-US: NetBSD OpenPAM
-CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261 when global ...)
+CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when global ...)
NOT-FOR-US: Six Apart Movable Type
CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
NOT-FOR-US: Six Apart Movable Type
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index a62be0fc98..895b97b310 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,4 +1,212 @@
-CVE-2010-XXXX (NIS users shadow password leakage)
+CVE-2010-0219
+ RESERVED
+CVE-2010-0218
+ RESERVED
+CVE-2010-0217
+ RESERVED
+CVE-2010-0216
+ RESERVED
+CVE-2010-0215
+ RESERVED
+CVE-2010-0214
+ RESERVED
+CVE-2010-0213
+ RESERVED
+CVE-2010-0212
+ RESERVED
+CVE-2010-0211
+ RESERVED
+CVE-2010-0210
+ RESERVED
+CVE-2010-0209
+ RESERVED
+CVE-2010-0208
+ RESERVED
+CVE-2010-0207
+ RESERVED
+CVE-2010-0206
+ RESERVED
+CVE-2010-0205
+ RESERVED
+CVE-2010-0204
+ RESERVED
+CVE-2010-0203
+ RESERVED
+CVE-2010-0202
+ RESERVED
+CVE-2010-0201
+ RESERVED
+CVE-2010-0200
+ RESERVED
+CVE-2010-0199
+ RESERVED
+CVE-2010-0198
+ RESERVED
+CVE-2010-0197
+ RESERVED
+CVE-2010-0196
+ RESERVED
+CVE-2010-0195
+ RESERVED
+CVE-2010-0194
+ RESERVED
+CVE-2010-0193
+ RESERVED
+CVE-2010-0192
+ RESERVED
+CVE-2010-0191
+ RESERVED
+CVE-2010-0190
+ RESERVED
+CVE-2010-0189
+ RESERVED
+CVE-2010-0188
+ RESERVED
+CVE-2010-0187
+ RESERVED
+CVE-2010-0186
+ RESERVED
+CVE-2010-0185
+ RESERVED
+CVE-2010-0184
+ RESERVED
+CVE-2010-0183
+ RESERVED
+CVE-2010-0182
+ RESERVED
+CVE-2010-0181
+ RESERVED
+CVE-2010-0180
+ RESERVED
+CVE-2010-0179
+ RESERVED
+CVE-2010-0178
+ RESERVED
+CVE-2010-0177
+ RESERVED
+CVE-2010-0176
+ RESERVED
+CVE-2010-0175
+ RESERVED
+CVE-2010-0174
+ RESERVED
+CVE-2010-0173
+ RESERVED
+CVE-2010-0172
+ RESERVED
+CVE-2010-0171
+ RESERVED
+CVE-2010-0170
+ RESERVED
+CVE-2010-0169
+ RESERVED
+CVE-2010-0168
+ RESERVED
+CVE-2010-0167
+ RESERVED
+CVE-2010-0166
+ RESERVED
+CVE-2010-0165
+ RESERVED
+CVE-2010-0164
+ RESERVED
+CVE-2010-0163
+ RESERVED
+CVE-2010-0162
+ RESERVED
+CVE-2010-0161
+ RESERVED
+CVE-2010-0160
+ RESERVED
+CVE-2010-0159
+ RESERVED
+CVE-2010-0158 (SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin ...)
+ TODO: check
+CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...)
+ TODO: check
+CVE-2010-0156
+ RESERVED
+CVE-2010-0155
+ RESERVED
+CVE-2010-0154
+ RESERVED
+CVE-2010-0153
+ RESERVED
+CVE-2010-0152
+ RESERVED
+CVE-2010-0151
+ RESERVED
+CVE-2010-0150
+ RESERVED
+CVE-2010-0149
+ RESERVED
+CVE-2010-0148
+ RESERVED
+CVE-2010-0147
+ RESERVED
+CVE-2010-0146
+ RESERVED
+CVE-2010-0145
+ RESERVED
+CVE-2010-0144
+ RESERVED
+CVE-2010-0143
+ RESERVED
+CVE-2010-0142
+ RESERVED
+CVE-2010-0141
+ RESERVED
+CVE-2010-0140
+ RESERVED
+CVE-2010-0139
+ RESERVED
+CVE-2010-0138
+ RESERVED
+CVE-2010-0137
+ RESERVED
+CVE-2010-0136
+ RESERVED
+CVE-2010-0135
+ RESERVED
+CVE-2010-0134
+ RESERVED
+CVE-2010-0133
+ RESERVED
+CVE-2010-0132
+ RESERVED
+CVE-2010-0131
+ RESERVED
+CVE-2010-0130
+ RESERVED
+CVE-2010-0129
+ RESERVED
+CVE-2010-0128
+ RESERVED
+CVE-2010-0127
+ RESERVED
+CVE-2010-0126
+ RESERVED
+CVE-2010-0125
+ RESERVED
+CVE-2010-0124
+ RESERVED
+CVE-2010-0123
+ RESERVED
+CVE-2010-0122
+ RESERVED
+CVE-2010-0121
+ RESERVED
+CVE-2010-0120
+ RESERVED
+CVE-2010-0119
+ RESERVED
+CVE-2010-0118
+ RESERVED
+CVE-2010-0117
+ RESERVED
+CVE-2010-0116
+ RESERVED
+CVE-2010-XXXX
- eglibc 2.10.2-4 (medium; bug #560333)
- glibc <removed> (medium)
CVE-2010-0115
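Review bot: the temporary entry at the end of this hunk loses its description. The removed line was "CVE-2010-XXXX (NIS users shadow password leakage)" and the line that replaces it is a bare "CVE-2010-XXXX", leaving bug #560333 on the eglibc line as the only hint of what the issue is. Other temporary entries on this page carry their description in square brackets, for example "CVE-2009-XXXX [mandos 0600 file being included in initrd]"; restoring this one as "CVE-2010-XXXX [NIS users shadow password leakage]" would keep the text and likely stop the automatic update from dropping it again.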
@@ -214,6 +422,7 @@ CVE-2010-0013 [pidgin local file disclosure vuln]
NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
CVE-2010-0012 [transmission directory traversal when processing .torrent files]
RESERVED
+ {DSA-1967-1}
- transmission 1.77-1 (low)
TODO: check affected versions
NOTE: http://trac.transmissionbt.com/changeset/9829/
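Review bot: the CVE-2010-0012 entry keeps "TODO: check affected versions" two lines below the added {DSA-1967-1}. An advisory now references this CVE, so the affected-version question should be answered from it and the TODO dropped; otherwise the entry keeps showing up as open work.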
